Lucene search
+L

360 matches found

UbuntuCve
UbuntuCve
added 2026/05/25 10:16 a.m.18 views

CVE-2026-5222

Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple registries to be hosted with arbitrary names within the same domain, an attacker able to publish crates in a registry could obtain the...

6.5CVSS5.9AI score0.00328EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/05/25 10:16 a.m.12 views

CVE-2026-5223

Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. The severity of the vulnerability is medium for users of third-party registries. Users of crates.io a...

6.5CVSS5.8AI score0.00294EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/25 8:57 a.m.12 views

CVE-2026-5223

Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. The severity of the vulnerability is medium for users of third-party registries. Users of crates.io a...

6.5CVSS5.9AI score0.00294EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/05/25 8:57 a.m.38 views

CVE-2026-5223

CVE-2026-5223 affects Cargo: symlinks inside crate tarballs from third-party registries can cause a malicious crate to override the cached source of another crate from the same registry. The issue is due to how symlinks are handled, enabling modification of source files after download. Impact is ...

6.5CVSS5.9AI score0.00294EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/25 8:57 a.m.11 views

CVE-2026-5223 Crates in third party registries can override the cached source of other crates

Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. The severity of the vulnerability is medium for users of third-party registries. Users of crates.io a...

6.5CVSS5.9AI score0.00294EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/25 8:57 a.m.42 views

CVE-2026-5223 Crates in third party registries can override the cached source of other crates

Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. The severity of the vulnerability is medium for users of third-party registries. Users of crates.io a...

6.5CVSS0.00294EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/05/25 8:57 a.m.19 views

CVE-2026-5223

Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. The severity of the vulnerability is medium for users of third-party registries. Users of crates.io a...

6.5CVSS5.9AI score0.00294EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/25 8:54 a.m.14 views

CVE-2026-5222 Cargo can be coerced to share credentials between registries

Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple registries to be hosted with arbitrary names within the same domain, an attacker able to publish crates in a registry could obtain the...

2.3CVSS5.9AI score0.00328EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/25 8:54 a.m.9 views

CVE-2026-5222

Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple registries to be hosted with arbitrary names within the same domain, an attacker able to publish crates in a registry could obtain the...

2.3CVSS5.9AI score0.00328EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/05/25 8:54 a.m.39 views

CVE-2026-5222 Cargo can be coerced to share credentials between registries

Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple registries to be hosted with arbitrary names within the same domain, an attacker able to publish crates in a registry could obtain the...

2.3CVSS0.00328EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/05/25 8:54 a.m.11 views

CVE-2026-5222

Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple registries to be hosted with arbitrary names within the same domain, an attacker able to publish crates in a registry could obtain the...

6.5CVSS5.9AI score0.00328EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.23 views

PT-2026-43024

Name of the Vulnerable Software and Affected Versions Cargo versions 1.68 through 1.95 Description Cargo incorrectly normalized URLs of third-party registries using the sparse index protocol. In scenarios where a hosting provider allows multiple registries to be hosted with arbitrary names within...

6.8CVSS5.9AI score0.00328EPSS
Exploits0References22
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.14 views

PT-2026-43025

Name of the Vulnerable Software and Affected Versions Cargo versions prior to 1.96.0 Description Cargo incorrectly handled symbolic links symlinks—which are files that point to another file or directory—inside crate tarballs downloaded from third-party registries. This allows a malicious crate to...

6.5CVSS5.9AI score0.00294EPSS
Exploits0References21
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.10 views

Cargo 安全漏洞

Cargo is a Rust package manager open-sourced by The Rust Programming Language. A security vulnerability exists in Cargo versions 1.68 through 1.96, which stems from a misnormalization of third-party registry URLs that use the sparse indexing protocol, where an attacker who is able to publish crat...

6.5CVSS5.9AI score0.00328EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.12 views

Docker Model Runner 安全漏洞

Docker Model Runner is an open-source Docker model runner developed by Docker. There is a security vulnerability in Docker Model Runner MLX. This vulnerability stems from the unconditional import and execution of any Python file in the model directory. It may allow malicious models to be pulled...

8.8CVSS6.2AI score0.00224EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/20 3:7 a.m.6 views

SUSE CVE-2024-4032

The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the isprivate and isglobal properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and...

3.7CVSS6.8AI score0.01034EPSS
Exploits0References30
OSV
OSV
added 2026/05/16 11:58 a.m.63 views

CLSA-2026-1778932682 python3: Fix of CVE-2024-4032

CVE-2024-4032: update ipaddress module to reflect latest IANA Special-Purpose Address Registries...

7.5CVSS5.8AI score0.01034EPSS
Exploits0References1
NVD
NVD
added 2026/04/30 11:16 p.m.8 views

CVE-2026-28909

Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in container version 0.12.3...

6.5CVSS0.00199EPSS
Exploits0References1
OSV
OSV
added 2026/04/30 11:16 p.m.2 views

CVE-2026-28909

Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in container version 0.12.3...

6.5CVSS6AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/30 10:0 p.m.4 views

CVE-2026-28909

Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in container version 0.12.3...

5.8AI score0.00199EPSS
Exploits0References1
Rows per page
Query Builder